Carding A Primer on Residential Proxies (Method included)



d0ctrine
One great way to successfully place your orders is by using residential proxies.
But have you ever stopped to think about what goes on behind the scenes? How do these proxy providers operate, and what factors determine whether your IP address is seen as trustworthy or suspicious by the sites you visit?
In this exclusive writeup, we'll dive into the world of residential proxies and explore the crucial difference between dirty and clean proxy pools, and which tools can help you increase your success rate.

History of residential proxies

Old-heads and veteran carders will surely remember the likes of 911 and AWMProxy, as they were the ones who pioneered offering massive swaths of proxies with a rich targeting interface. Before them it was pretty much the wild west: you source a list of socks5 or HTTPs proxies, you check them with a checker, and you pick the closest living proxy to your card's billing details, not having any idea how tainted the proxies were. This is what made the likes of 911 and AWMProxy stand out: they offered a great user experience, and they never seemed to run out of IPs!


How?

Why don't they run out of IPs, you ask? Well, botnets of course! AWM and some other IP providers were using people's home routers to proxy their traffic without permission. They pulled this off by hacking the routers with 0day exploits and infecting them with Glupteba botnet malware. This let them bounce their connections through the routers over SSH tunnels.



911 ran several sketchy 'free' VPN services that worked as tunnels for their users. When someone uses 911's proxy, their request goes through a random person who's using the 'free' VPN without knowing it. Then, that person's traffic is sent to 911's servers. It's like that famous saying: "If you're not paying for it, you're not the customer; you're the product being sold."



The funniest part of this all is that nowadays it's pretty much the modus operandi of ALL major residential proxy providers, from BrightData to IPRoyal, to little resellers that leech off of these huge players: it's all 'free' VPNs all the way down.
Lucky for us, the constant supply of IPs (by the millions) gives us the huge benefit of having unlimited, dirt-cheap access to any IP from any location we choose, making IP blocks a thing of the past.




Everybody gets a proxy
Because everyone is willingly submitting their IP in droves to these 'free' VPN services, the prices per connection naturally decreased, benefiting us all the more. Even given how a lot of these services do not even cater to carders and fraudsters, and primarily to scrapers who want to get around captchas and people who run massive botting operations that require thousands to hundreds of thousands of IP addresses, Nguyen from Vietnam who just wants to buy a bunch of designer clothes using Mark Smith from Florida's CapitalOne card will surely not have a hard time blending in undetected.



Understood. Which provider should I buy?

When I wrote my AI systems guide, I mentioned in passing that if someone's picking a residential proxy provider, then the larger the pool, the better. While this holds true in most cases (a larger pool means more IPs to rotate on, meaning more chances of you getting lower fraud scores), it doesn't really hold true all the time. A lot of large providers are also resold by smaller-scale providers downstream, meaning that their pool also gets tainted multiple times around, and due to reseller and bulk pricing, sometimes smaller unpopular providers can provide the same IP pool as large players for cheaper.

🌶️🌶️🌶️FREE SAUCE ALERT🌶️🌶️🌶️
An amazing trick I've used before to help me get the absolute best proxies imaginable is to look for residential proxy providers that block financial websites (stripe, paypal, etc). What this means is that their pool is virgin/clean on dealing with online purchases, and we just have to find a way to bypass that block in order to get the maximum mileage we need to be successful. There are two ways these proxy sites block financial sites; one is easy to bypass and one is trickier:

1. DNS Blocks. A lot of times these proxy providers block financial websites by blocking them from getting resolved through DNS. This is easily bypassable: just enable DNS resolution locally via MITMproxy or Burp Suite, and all domains will work.

2. Blocking IP ranges. This is a bit trickier, because in this case even if you allow domain resolution the IP ranges of the services will still be inaccessible. Using MITMproxy you can also bypass this (although not as easily) by essentially disabling the proxy for endpoints which are needed for the payment process to operate (e.g. using direct access for requests to api.stripe.com, but proxying requests to everything else).



The final decision as to which provider you'll decide on weighs heavily on your needs, as no two providers (unless one is a reseller) are alike. Some pools are better for some countries, while some are worse; the best course of action, then, is to assess which fits perfectly with your workflow by trying them out one by one.




To sock or not to sock
A lot of people are still confused by this, but always pick HTTPs whenever possible. Non-SSL connections between you and the site you're accessing are read and logged by Socks5 proxies, as they have no default encryption mechanism. There's no downside to using HTTPs, and it's the more secure of the two.


How about X,Y,Z which provides proxies?
If the service you're planning to use does not have at least 5M in their pool, or if--and this is even worse--they primarily cater to carders and fraudsters, then just don't, you'll simply be wasting your time.


Mobile proxies, how do they differ?
Mobile proxies and residential proxies are treated differently by websites, with mobile proxies often being assigned a higher level of trust. This is due to the fact that mobile users' IP addresses are highly dynamic and change frequently throughout the day. The inherent instability and high entropy of mobile device IP addresses render them unreliable for website owners to use as a metric for fraud assessment. Since each mobile user is assigned a different IP address every time they connect, the IP address stops serving its purpose as a reliable identifier, leading websites to place more trust in mobile proxies compared to residential proxies. The only things one should worry about with mobile proxies are their price and their availability.



As I said in my AI systems guide, using residential proxies that are simply near the billing details is no longer efficient; one should always adjust to better and more modern tools to help them navigate fraud successfully. This is just a preview of many, many more topics I plan to write about soon, which I hope will help readers improve their work. I'll also go deeper on proxying, and various tricks and leak mitigation strategies. Stay tuned.
 
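An added defender-side example, not part of the thread or any poster's code: the split routing described in the first post (payment-processor requests sent direct, everything else through the proxy) means the storefront and the processor see different client IPs for one checkout, which a merchant can correlate. It assumes the merchant can obtain the client IP the processor recorded; the field names, the IP metadata table and the sample checkouts are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed IP metadata: RFC 5737 documentation prefixes, private-use ASNs.
# A real deployment would query an IP-intelligence source instead (assumption).
IP_META = {
    "192.0.2.0/24": ("US", 64500),
    "198.51.100.0/24": ("VN", 64501),
    "203.0.113.0/24": ("US", 64502),
}

@dataclass
class Checkout:              # hypothetical record joined from two log sources
    order_id: str
    storefront_ip: str       # client IP the merchant's web server saw
    processor_ip: str        # client IP the payment processor saw
    billing_country: str

def lookup(ip):
    """Return (country, asn) for an IP, or (None, None) if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for prefix, meta in IP_META.items():
        if addr in ipaddress.ip_network(prefix):
            return meta
    return None, None

def split_route_signals(c):
    """List the reasons one checkout looks like it travelled over two paths."""
    s_country, s_asn = lookup(c.storefront_ip)
    p_country, p_asn = lookup(c.processor_ip)
    if s_country is None or p_country is None:
        return ["unknown_ip"]                  # cannot compare: manual review
    signals = []
    if s_country != p_country:
        signals.append("country_mismatch")
    elif s_asn != p_asn:
        signals.append("asn_mismatch")         # weak alone (dual-stack, CGNAT)
    if s_country == c.billing_country and p_country != c.billing_country:
        signals.append("billing_geo_on_storefront_only")
    return signals

# Constructed sample checkouts
SAMPLE = [
    Checkout("A1", "192.0.2.10", "192.0.2.10", "US"),    # single path
    Checkout("A2", "192.0.2.44", "198.51.100.7", "US"),  # two countries
    Checkout("A3", "192.0.2.44", "203.0.113.9", "US"),   # same country, other ASN
]

def flagged(checkouts):
    """Map order_id to its signals for every checkout that raised any."""
    return {c.order_id: s for c in checkouts if (s := split_route_signals(c))}
```

An ASN mismatch on its own also occurs for legitimate customers, so it is better used as a score input than as a block rule.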

ismarki
I tried to evade a PayPal block from a proxy I'm using, but MITMproxy doesn't seem to work the way it used to; when I open it, it closes and doesn't let me do anything else. There is a guide on the forum about how to evade web address blocks using a proxy.